WO2010121433A1 - Method and apparatus for carrying out admission controlling of closed subscriber group csg terminal - Google Patents

Method and apparatus for carrying out admission controlling of closed subscriber group csg terminal Download PDF

Info

Publication number
WO2010121433A1
WO2010121433A1 PCT/CN2009/071440 CN2009071440W WO2010121433A1 WO 2010121433 A1 WO2010121433 A1 WO 2010121433A1 CN 2009071440 W CN2009071440 W CN 2009071440W WO 2010121433 A1 WO2010121433 A1 WO 2010121433A1
Authority
WO
WIPO (PCT)
Prior art keywords
access
terminal
type
target
csg
Prior art date
Application number
PCT/CN2009/071440
Other languages
French (fr)
Chinese (zh)
Inventor
刘晓寒
陈璟
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Priority to CN2009801236964A priority Critical patent/CN102077652A/en
Priority to PCT/CN2009/071440 priority patent/WO2010121433A1/en
Publication of WO2010121433A1 publication Critical patent/WO2010121433A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/104Grouping of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • H04W12/084Access security using delegated authorisation, e.g. open authorisation [OAuth] protocol

Definitions

  • the present invention relates to the field of mobile communication technologies, and in particular, to a method and apparatus for performing admission control on a limited user group CSG terminal.
  • the CSG (Closed Subscriber Group) technology is introduced in the private network.
  • a private network if user A subscribes to CSG1 or is added to CSG1 by the administrator of CSG1, user A is allowed to normally camp in all cells included in CSG1 and can access all private network devices in CSG1. If the user A is not subscribed to the CSG1 and is not added to the CSG1 by the administrator of the CSG1, the user A cannot camp in the cell included in the CSG1 or the private network in the CSG1.
  • the device performs service access. That is, the private network that has introduced the CSG only provides services for the subscribers of the CSG. The subscribers who do not subscribe to the CSG are not allowed to access the private network equipment under the CSG cell except for the emergency call.
  • Embodiments of the present invention provide a method and apparatus for performing admission control on a limited user group CSG terminal to avoid private network device owners in a private network system that introduces CSG technology. Loss of interest.
  • the embodiment of the invention discloses a method for performing admission control on a CSG terminal of a limited user group, including: receiving a service access request initiated by a CSG subscription terminal, where the service access request carries the indication of the CSG subscription The target network device that the terminal requests to access and the information of the target access type requested to be accessed; when the saved access authority identifier indicates that the CSG subscription terminal has the right to perform the target access type on the target network device, The access service request is allowed.
  • the embodiment of the present invention further discloses a method for performing admission control on a CSG terminal, including: obtaining admission control information, where the access authority identifier in the admission control information is used to identify whether the CSG subscription terminal has a CSG cell
  • the private network device performs the access permission for the access service.
  • the access permission identifier indicates that the terminal has the right to perform the target access type on the target network device, the service access request is initiated.
  • the embodiment of the invention further discloses an apparatus for performing admission control on a CSG terminal, comprising: a receiving unit, configured to receive a service request initiated by a subscription terminal of the CSG, where the service access request carries the indication
  • the CSG subscription terminal requests the access target network device and the requested target access type information
  • the first control unit is configured to: when the saved access authority identifier indicates that the CSG subscription terminal has performed on the target network device
  • the rights of the target access type are described, the access service request is allowed.
  • the embodiment of the invention further discloses a terminal device, comprising: an obtaining unit, configured to acquire admission control information, where the access authority identifier in the admission control information is used to identify whether the CSG subscription terminal has a CSG cell And the first control unit is configured to initiate a service access request when the access authority identifier indicates that the terminal has the right to perform the target access type on the target network device.
  • the embodiment of the present invention further discloses a network management device, including: a setting unit, configured to set admission control information for a CSG subscription terminal, where the access permission identifier in the admission control information is used to identify whether the CSG subscription terminal is The user has the right to access the private network device under the CSG cell; the admission control information updating unit is configured to update the admission control information according to the needs of the user.
  • the terminal After obtaining the admission control information on the terminal side, the terminal can prevent the target network device from having the target access type permission, so that the terminal can be blocked before the terminal initiates the access service request, and the private network device owner is protected. The benefits of further savings in air traffic and processing resources.
  • FIG. 1 is a flow chart of an embodiment of a method for performing admission control on a CSG terminal according to the present invention
  • FIG. 2 is a flow chart of another embodiment of a method for performing admission control on a CSG terminal according to the present invention
  • FIG. 3 is a flow chart showing another embodiment of a method for performing admission control on a CSG terminal according to the present invention.
  • FIG. 4 is a structural diagram of an embodiment of an apparatus for performing admission control on a CSG terminal according to the present invention
  • FIG. 5 is a structural diagram of another embodiment of an apparatus for performing admission control on a CSG terminal according to the present invention.
  • FIG. 6 is a structural diagram of an embodiment of a terminal device according to the present invention.
  • FIG. 1 is an implementation of a method for performing admission control on a CSG terminal according to the present invention.
  • the CSG subscription terminal initiates a service access request to the network side entity or the base station, and the network side entity or the base station performs admission control on the CSG terminal according to the saved admission control information.
  • the method specifically includes the following steps:
  • Step 101 Receive a service access request initiated by a subscription terminal of the CSG, where the service access request carries information indicating a target network device requested by the CSG subscription terminal and a target access type requested to be performed;
  • the core network side entity When the admission control information is stored on the core network side, the core network side entity receives the bearer setup request message sent by the CSG subscription terminal; or the core network side entity receives the bearer setup request message forwarded by the CSG subscription terminal through the base station,
  • the bearer setup request message includes a target access type identifier and a target network device identifier.
  • the base station When the admission control information is stored on the access network side, the base station receives the bearer setup request message sent by the CSG subscription terminal; or the base station receives the bearer setup request message sent by the CSG subscription terminal through the core network side entity,
  • the bearer setup request message includes a target access type identifier and a target network device identifier.
  • Step 102 Allow the access service request when the saved access authority identifier indicates that the CSG subscription terminal has the right to perform the target access type on the target network device.
  • the access permission identifier is specifically a first type of rights identifier or a second type of rights identifier, where the first type of rights identifier is used to uniformly identify whether the CSG subscription terminal has performed on all private network devices in the CSG cell. Access rights, the second type of rights identifiers are used to identify whether the CSG subscription terminal has the right to access the private network devices in the CSG cell.
  • the access authority identifier is specifically the first type of the rights identifier
  • the first type of the rights indicator indicates that the CSG subscription terminal has the right to perform the target access type for all the private network devices in the CSG cell, Allowing the service access request
  • the access permission identifier is specifically the second type of the rights identifier
  • the second type of the rights indicator indicates that the CSG signing terminal has the right to perform the target access type on the target network device, the Service access request.
  • the target access type includes: local IP access and remote access.
  • the embodiment of the present invention may further include: when the saved access authority identifier indicates that the CSG subscription terminal does not have the target access type for the target network device When the permission is granted, the service access request is rejected.
  • the foregoing embodiment can be used to determine, on the network side, whether the CSG subscription terminal can perform the target access type permission on the target network device in the CSG cell, and further prevent the terminal that does not have the target access service to the target network device. Protect the interests of private network device owners.
  • FIG. 2 is a flowchart of another embodiment of a method for performing admission control on a CSG terminal according to the present invention.
  • the admission control information is obtained by the contracting terminal of the CSG, and the terminal is subjected to admission control according to the admission control information.
  • the method specifically includes the following steps:
  • Step 201 Obtain admission control information, where the access authority identifier in the admission control information is used to identify whether the CSG subscription terminal has the right to access the private network device in the CSG cell.
  • the admission control information includes a first type of rights identifier or a second type of rights identifier, where the first type of rights identifier is used to uniformly identify whether the CSG subscription terminal has all private network devices under the CSG cell. Access rights, the second type of rights identifiers are used to identify whether the CSG subscription terminal has the right to access the private network devices in the CSG cell.
  • the obtaining the admission control information may be implemented by any one of the following methods:
  • Receiving the Open Mobile Alliance device management OMA DM server sends the admission control information by means of OMA DM;
  • Step 202 When the access authority identifier indicates that the terminal has a target network device When the access type is granted, a service access request is initiated.
  • the access permission identifier is specifically the first type of the rights identifier
  • the first type of the rights indicator indicates that the CSG signing terminal has the right to perform the target access type for all the private network devices in the CSG cell. Allowing the service access request;
  • the access permission identifier is specifically the second type of the rights identifier
  • the second type of the rights indicator indicates that the CSG signing terminal has the right to perform the target access type on the target network device, the Service access request.
  • the target access types include: local IP access and remote access.
  • the embodiment of the present invention may further include: rejecting the service when the saved access authority identifier indicates that the CSG subscription terminal does not have the right to perform the target access type on the target network device. Access request.
  • the embodiment may further include: the network side entity or the base station according to the saved admission control information
  • the terminal performs further admission control.
  • the method for the admission control may be the same as the method for admission control in the first embodiment, and the present invention does not limit the method.
  • the terminal determines whether it has the right to perform the target access type on the target network device, so that the terminal can perform the service access request before the terminal initiates the service access request. Blocking, protecting the interests of private network device owners, further saving air traffic and processing resources.
  • Embodiment 3 When the embodiment further includes the network side entity or the base station performing the admission control on the terminal that initiates the service access request, the terminal that does not have the right to perform the target access type on the target network device is further blocked, and the private network device is protected. The interests of the owner.
  • Embodiment 3 When the embodiment further includes the network side entity or the base station performing the admission control on the terminal that initiates the service access request, the terminal that does not have the right to perform the target access type on the target network device is further blocked, and the private network device is protected. The interests of the owner.
  • Step 301 The CSG administrator sets the admission control information for the CSG subscription terminal in advance.
  • the access permission identifier in the admission control information is used to identify whether the CSG subscription terminal has local IP connection to the private network device under the CSG cell. Access rights;
  • the admission control information may be set by the network side entity in addition to the setting by the CSG administrator, which is not limited by the embodiment of the present invention.
  • the CSG administrator can set the access authority identifier in the admission control information to the first type of rights identifier, and the first type of the rights identifier is used to uniformly identify whether the CSG subscription terminal has access to all private network devices in the CSG cell. permission.
  • the admission control information exists in an extended form of an existing ACL (Allowed CSG list).
  • Table 1 is an ACL containing the first type of permission identifier.
  • the ACL includes an identifier of the home network device in each CSG cell and a first type of rights identifier set for all home network devices in the CSG cell, and the first type of rights identifier indicates that the CSG subscription terminal is camped on the CSG.
  • the first type of privilege identifier may be represented by a one-digit binary number. For example, when the first type of privilege identifier is 1, it indicates that all home network devices under the CSG cell are allowed to perform local IP access. When the first type of authority identifier is 0, it indicates that local IP access of all home network devices under the CSG cell is denied.
  • the first type of rights identifier may also be represented by a two-digit binary number.
  • the first type of rights identifier is 11, it indicates that the All the home network devices in the CSG cell perform local IP access and remote access.
  • the first privilege identifier is 10
  • all home network devices under the CSG cell are allowed to perform local IP access, but the CSG is rejected. All the home network devices in the cell are remotely accessed.
  • the first type of rights identifier is 01, the user is denied local IP access to all the home network devices in the CSG cell, but all the families in the CSG cell are allowed.
  • the network device performs remote access.
  • the first type of permission identifier is 00, it indicates that local IP access and remote access are denied to all home network devices under the CSG cell.
  • the CSG administrator may set the access authority identifier in the admission control information to the second type of rights identifier, where the second type of the rights identifier is used to identify whether the CSG subscription terminal has the private network device under the CSG cell. Access rights.
  • the admission control information still exists in an extended form of the existing ACL, as shown in Table 2, and Table 2 is an ACL containing the second type of authority identifier.
  • the ACL includes an identifier of the home network device in each CSG cell and a second type of rights identifier separately set for each home network device in the CSG cell, and the second type of rights identifier indicates that the CSG subscription terminal is camped on the After the CSG cell, whether local IP access can be performed to the corresponding home network device under the CSG cell.
  • the second type of privilege identifier may be represented by a one-digit binary number. For example, when the second type of privilege identifier is 1, it indicates that local IP access of the corresponding home network device under the CSG cell is allowed. When the type 2 permission identifier is 0, it indicates that the local IP access of the corresponding home network device under the CSG cell is denied.
  • Table 1 is the ACL that contains the first type of permission ID.
  • the second type of rights identifier may also be represented by a two-digit binary number.
  • the second type of rights identifier is 11, it indicates that the The corresponding home network device in the CSG cell performs local IP access and remote access; when the second privilege identifier is 10, it indicates that local IP access of the corresponding home network device under the CSG cell is allowed, but the CSG is rejected.
  • the corresponding home network device in the cell performs remote access; when the first type of rights identifier is 01, it indicates that local IP access is denied to the corresponding home network device in the CSG cell, but the corresponding home under the CSG cell is allowed.
  • the network device performs remote access; when the first type of permission identifier is 00, it indicates that local IP access and remote access are denied to the corresponding home network device under the CSG cell.
  • the above home network device identifier may be in the form of an FQDN.
  • the suffix may be TV@H(e)NBID.PLMNID.COM, or [email protected], or www.xxx.com, or Other formats are such that the home network device identification is unique within a certain range or globally.
  • the home network device identifier can also be used in any other form.
  • the embodiments of the present invention are not limited thereto.
  • the set admission control information may be stored on the core network side or the access network side, or the terminal may obtain the set admission control information from the network side entity or the base station.
  • Table 2 is the ACL containing the second type of permission identifier.
  • Step 302 The terminal initiates a bearer setup request message to the core network side entity.
  • the terminal sends a bearer setup request message to the core network side entity, and the terminal may further send a bearer setup request message to the base station, and then the base station sends the bearer setup request message to the base station.
  • the bearer setup request message is forwarded to the core network side entity.
  • the terminal may send a bearer setup request message to the base station.
  • the terminal may also send a bearer setup request message to the core network side entity, and then the core network side entity will The bearer setup request message is forwarded to the base station.
  • the core network side entity may be a node MME of the core network (Mobility Management)
  • the bearer setup request message includes a target access type identifier and a target network device identifier.
  • Step 303 The core network side entity determines, according to the access authority identifier in the admission control information, whether the terminal has the target access type identifier indicated by the target network device indicated by the target network device identifier in the bearer setup message. The access permission of the target, if yes, proceeds to step 304, if no, proceeds to step 305;
  • the core network side entity may determine, according to the content of the first type of permission identifier in the admission control information, whether the terminal has the right to perform target access to the target network device, or according to the second in the admission control information.
  • the content of the class permission identifier determines whether the terminal has the right to target access to the target network device.
  • the base station may determine, according to the content of the first type of permission identifier in the admission control information, whether the terminal has the right to perform target access to the target network device, or according to the admission.
  • the content of the second type of authority identifier in the control information is used to determine whether the terminal has the right to perform target access to the target network device.
  • Step 304 Allow an access service request of the terminal.
  • Step 305 Reject the service access request of the terminal.
  • step 302 is omitted, and the terminal directly determines whether the target network device is performed according to the access authority identifier in the admission control information. The right of the target access, if yes, allows the terminal to initiate a service access request to the target network device, and if not, the terminal refuses to initiate a service access request to the target network device.
  • the CSG subscription terminal determines whether the CSG subscription terminal can perform the target access type permission on the target network device in the CSG cell, and further prevents the terminal that does not have the service access to the target network device from being protected.
  • the terminal After obtaining the admission control information on the terminal side, the terminal can prevent the target network device from having the target access type permission, so that the terminal can prevent the private network device from being owned before the terminal initiates the service access request. Benefits, further saving air and processing Resources.
  • the embodiment of the present invention further provides an apparatus for performing admission control on the CSG terminal.
  • FIG. 4 is a structural diagram of an embodiment of an apparatus for controlling a CSG terminal according to the present invention, the apparatus includes a receiving unit 401 and a first control unit 402. The internal structure and connection relationship are further described below in conjunction with the working principle of the device.
  • the receiving unit 401 is configured to receive a service request initiated by the CSG subscription terminal, where the service access request carries information indicating a target network device requested by the CSG subscription terminal and a target access type requested to be performed;
  • the first control unit 402 is configured to allow the access service request when the saved access authority identifier indicates that the CSG subscription terminal has the right to perform the target access type on the target network device.
  • the receiving unit 401 may be specifically: a first receiving unit or a second receiving sub-unit, when the admission control information is saved on the core network side,
  • a first receiving subunit configured to receive a bearer setup request message sent by the terminal, where the second receiving subunit is configured to receive a bearer setup request message forwarded by the base station, where the bearer setup request message includes a target access type identifier and Target network device ID.
  • the receiving unit 401 may specifically be: a third receiving subunit or a fourth receiving subunit,
  • a third receiving subunit configured to receive a bearer setup request message sent by the terminal
  • a fourth receiving subunit configured to receive a bearer setup request message forwarded by the core network side entity, where the bearer setup request message includes a target access type identifier and a target network device identifier.
  • the first control unit 402 may be specifically: a first type of rights identifier control subunit or a second type of rights identifier control subunit, where
  • a first type of rights identifier control subunit configured to allow, according to the content of the first type of rights identifier, when the CSG subscription terminal has the right to perform the target access type for all private network devices under the CSG cell,
  • the service access request, the first type of permission identifier is used for unified identification Whether the CSG subscription terminal has the right to access all private network devices under the CSG cell;
  • the second type of permission identification control sub-unit according to the content of the second type of permission identification, when
  • the service access request is allowed, and the second type of permission identifier is used to identify whether the CSG subscription terminal has a CSG cell. Permission to access each private network device.
  • the embodiment of the present invention may further include a second control unit 403, configured to: when the saved access authority identifier indicates that the CSG subscription terminal does not have the right to perform the target access type on the target network device, Said service access request.
  • Embodiment 5 Determining, by the base station, whether the CSG subscription terminal can perform the target access type permission on the private network device under the CSG cell, further preventing the terminal that does not have the service access to the target network device, and protecting the interests of the private network device owner.
  • the embodiment of the present invention further provides a terminal device.
  • FIG. 5 is a structural diagram of an embodiment of a terminal device according to the present invention, the device includes: an obtaining unit 501 and a first control unit 502. The internal structure and connection relationship will be further described below in conjunction with the working principle of the device.
  • the obtaining unit 501 is configured to obtain the access control information, where the access authority identifier in the admission control information is used to identify whether the CSG subscription terminal has the right to access the private network device in the CSG cell.
  • the first control unit 502 is configured to initiate a service access request when the access authority identifier indicates that the terminal has the right to perform a target access type on the target network device.
  • the obtaining unit 501 may be specifically: a first acquiring subunit, a second acquiring subunit, or a third acquiring subunit,
  • a first acquiring subunit configured to receive, by the Open Mobile Alliance device, the OMA DM server, the admission control information sent by using an OMA DM
  • a second acquiring subunit configured to receive the admission control information that is sent by the network side entity by using NAS signaling;
  • a third acquiring subunit configured to receive the admission control information sent by the base station by using RRC signaling.
  • the first control unit 502 may be specifically: a first type of rights identifier control subunit or a second type of rights identifier control subunit, where
  • a first type of rights identifier control subunit configured to allow, according to the content of the first type of rights identifier, when the terminal has the right to perform the target access type for all private network devices under the CSG cell, a service access request, where the first type of authority identifier is used to uniformly identify whether the CSG subscription terminal has the right to access all private network devices in the CSG cell;
  • the second type of rights identifier is used to identify whether the CSG signing terminal has the right to access the private network devices in the CSG cell.
  • the embodiment of the present invention may further include a second control unit 503, configured to not initiate a service access request when the access authority identifier indicates that the terminal does not have the right to perform the target access type on the target network device.
  • the terminal can prevent the target network device from having the service access type permission, so that the terminal can be blocked and protected before the terminal initiates the service request.
  • the interests of private network equipment owners further save air and process resources.
  • the embodiment of the present invention further provides a network management device.
  • a network management device Referring to FIG. 6, it is a structural diagram of an embodiment of a network management device.
  • the device includes: a setting unit 601 and an admission control information updating unit 602, where
  • the setting unit 601 is configured to set the admission control information for the CSG subscription terminal, where the access permission identifier in the admission control information is used to identify whether the CSG subscription terminal has the right to access the private network device in the CSG cell. ;
  • the admission control information updating unit 602 is configured to update the admission control information according to the needs of the user.
  • the setting unit 601 may be specifically a first setting subunit or a second setting subunit, where the first setting subunit is configured to set a first type of permission identifier, where the first type of permission identifier is used to uniformly identify whether the CSG subscription terminal is Having access to all private network devices under the CSG cell;
  • the second setting sub-unit is configured to set a second type of permission identifier, where the second type of permission identifier is used to identify whether the CSG subscription terminal has the right to access the private network devices in the CSG cell.
  • the storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), or a random access memory (RAM).

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A method and apparatus for carrying out admission controlling of closed subscriber group CSG terminal are provided, wherein, the said method includes the following steps: a service access request initiated by CSG subscribed terminal is received, the service access request carries the information indicating the object network equipment that the CSG subscribed terminal requests to access and the object access type that the CSG subscribed terminal requests to process; when the stored access authority identifier indicates that the CSG subscribed terminal has the authority to carry out the object access type to the object network equipment, the access service request is allowed. According to the embodiment of the present invention, the benefit loss of the home network device owner can be avoided in the private network system which introducing CSG technique.

Description

一种对限定用户组 CSG终端进行准入控制的方法及装置 技术领域  Method and device for performing admission control on limited user group CSG terminal
本发明涉及移动通信技术领域, 特别是涉及一种对限定用户组 CSG终端 进行准入控制的方法及装置。  The present invention relates to the field of mobile communication technologies, and in particular, to a method and apparatus for performing admission control on a limited user group CSG terminal.
背景技术 Background technique
随着移动通信技术的发展, 出现了越来越多的移动通信***, 同时, 用 户需求随着移动通信技术的发展也越来越多样化, ***设备为了适应这种需 求也相应地出现了多样化, 备受关注的家庭室内覆盖和企业级的内部覆盖基 站以及一些其他受限网络应运而生。  With the development of mobile communication technology, more and more mobile communication systems have emerged. At the same time, user requirements are becoming more and more diversified with the development of mobile communication technologies. System devices have correspondingly appeared to meet this demand. The well-received home indoor coverage and enterprise-class internal coverage base stations and some other restricted networks have emerged.
其中, 在私有网络中引入了 CSG ( Closed Subscriber Group, 限定用户 组)技术。 例如, 在私有网络中, 如果用户 A签约到 CSG1内或者被 CSG1的管 理员添加到 CSG1内, 则用户 A被允许在 CSG1所包含的所有小区内正常驻留并 可以对 CSG1内所有私有网络设备进行业务接入; 如果用户 A没有签约到 CSG1 内, 也没有被 CSG1的管理员添加到 CSG1内, 则用户 A就会无法正常驻留到 CSG1所包含的小区, 也无法对 CSG1内的私有网络设备进行业务接入。 即, 引入了 CSG的私有网络只为 CSG的签约用户提供服务, 没有签约 CSG的用户 除进行紧急呼叫之外, 不允许对 CSG小区下的私有网络设备进行业务接入。  Among them, the CSG (Closed Subscriber Group) technology is introduced in the private network. For example, in a private network, if user A subscribes to CSG1 or is added to CSG1 by the administrator of CSG1, user A is allowed to normally camp in all cells included in CSG1 and can access all private network devices in CSG1. If the user A is not subscribed to the CSG1 and is not added to the CSG1 by the administrator of the CSG1, the user A cannot camp in the cell included in the CSG1 or the private network in the CSG1. The device performs service access. That is, the private network that has introduced the CSG only provides services for the subscribers of the CSG. The subscribers who do not subscribe to the CSG are not allowed to access the private network equipment under the CSG cell except for the emergency call.
但是, 发明人在研究中发现, 引入了 CSG技术的私有网络***至少存在 如下缺点: 当用户 A签约到 CSG1内或者被 CSG1的管理员添加到 CSG1内后, 用户 A被允许在 CSG1所包含的所有小区内正常驻留并可以对 CSG1内所有私有 网络设备进行业务接入, 但是, 在一个私有网络里, 对网络内的所有私有网 络设备进行业务接入必然会损害到私有网络设备拥有者的利益。 例如, 在家 庭基站的本地 IP接入中, 当作为家庭客人的某一个终端用户通过家庭基站接 入到一个家庭网络后, 可以对该家庭网络中的打印机、 复印机以及电视机等 任意家庭网络设备发起本地 IP接入业务, 这必然损害了家庭网络主人的隐 私, 进而也损害了家庭网络主人的利益。  However, the inventors found in the research that the private network system introducing the CSG technology has at least the following disadvantages: After the user A subscribes to the CSG1 or is added to the CSG1 by the administrator of the CSG1, the user A is allowed to be included in the CSG1. All cells in the cell are normally resident and can access services to all private network devices in the CSG1. However, in a private network, accessing services to all private network devices in the network necessarily damages the owner of the private network device. interest. For example, in the local IP access of the home base station, when a terminal user who is a family guest accesses a home network through the home base station, any home network device such as a printer, a copy machine, and a television in the home network may be used. Initiating a local IP access service, which inevitably damages the privacy of the home network owner, and thus the interests of the home network owner.
发明内容 Summary of the invention
本发明的实施例提供了一种对限定用户组 CSG终端进行准入控制的方法 及装置, 以在引入了 CSG技术的私有网络***中, 避免私有网络设备拥有者 的利益损失。 Embodiments of the present invention provide a method and apparatus for performing admission control on a limited user group CSG terminal to avoid private network device owners in a private network system that introduces CSG technology. Loss of interest.
本发明实施例公开了一种对限定用户组 CSG终端进行准入控制的方法, 包括: 接收 CSG签约终端发起的业务接入请求, 其中, 所述业务接入请求中 携带有指示所述 CSG签约终端请求接入的目标网络设备和请求进行的目标接 入类型的信息; 当保存的接入权限标识指示所述 CSG签约终端具有对所述目 标网络设备进行所述目标接入类型的权限时, 允许所述接入业务请求。  The embodiment of the invention discloses a method for performing admission control on a CSG terminal of a limited user group, including: receiving a service access request initiated by a CSG subscription terminal, where the service access request carries the indication of the CSG subscription The target network device that the terminal requests to access and the information of the target access type requested to be accessed; when the saved access authority identifier indicates that the CSG subscription terminal has the right to perform the target access type on the target network device, The access service request is allowed.
本发明实施例还公开了一种对 CSG终端进行准入控制的方法, 包括: 获 取准入控制信息, 所述准入控制信息中的接入权限标识用于标识 CSG签约终 端是否具有对 CSG小区下的私有网络设备进行接入业务的权限; 当所述接入 权限标识指示所述终端具有对目标网络设备进行目标接入类型的权限时, 发 起业务接入请求。  The embodiment of the present invention further discloses a method for performing admission control on a CSG terminal, including: obtaining admission control information, where the access authority identifier in the admission control information is used to identify whether the CSG subscription terminal has a CSG cell The private network device performs the access permission for the access service. When the access permission identifier indicates that the terminal has the right to perform the target access type on the target network device, the service access request is initiated.
本发明实施例还公开了一种对 CSG终端进行准入控制的装置, 包括: 接 收单元, 用于接收 CSG的签约终端发起的业务请求, 其中, 所述业务接入请 求中携带有指示所述 CSG签约终端请求接入的目标网络设备和请求进行的目 标接入类型的信息; 第一控制单元, 用于当保存的接入权限标识指示所述 CSG签约终端具有对所述目标网络设备进行所述目标接入类型的权限时, 允 许所述接入业务请求。  The embodiment of the invention further discloses an apparatus for performing admission control on a CSG terminal, comprising: a receiving unit, configured to receive a service request initiated by a subscription terminal of the CSG, where the service access request carries the indication The CSG subscription terminal requests the access target network device and the requested target access type information; the first control unit is configured to: when the saved access authority identifier indicates that the CSG subscription terminal has performed on the target network device When the rights of the target access type are described, the access service request is allowed.
本发明实施例还公开了一种终端设备, 包括: 获取单元, 用于获取准入 控制信息, 所述准入控制信息中的接入权限标识用于标识 CSG签约终端是否 具有对 CSG小区下的私有网络设备进行接入业务的权限; 第一控制单元, 用 于当所述接入权限标识指示所述终端具有对目标网络设备进行目标接入类型 的权限时, 发起业务接入请求。  The embodiment of the invention further discloses a terminal device, comprising: an obtaining unit, configured to acquire admission control information, where the access authority identifier in the admission control information is used to identify whether the CSG subscription terminal has a CSG cell And the first control unit is configured to initiate a service access request when the access authority identifier indicates that the terminal has the right to perform the target access type on the target network device.
本发明实施例还公开了一种网络管理设备, 包括: 设置单元, 用于为 CSG的签约终端设置准入控制信息, 所述准入控制信息中的接入权限标识用 于标识 CSG签约终端是否具有对 CSG小区下的私有网络设备进行接入业务的 权限; 准入控制信息更新单元, 用于根据用户的需求更新准入控制信息。  The embodiment of the present invention further discloses a network management device, including: a setting unit, configured to set admission control information for a CSG subscription terminal, where the access permission identifier in the admission control information is used to identify whether the CSG subscription terminal is The user has the right to access the private network device under the CSG cell; the admission control information updating unit is configured to update the admission control information according to the needs of the user.
由上述实施例可以看出, 在网络侧上判断 CSG签约终端是否能够对 CSG 小区下的目标网络设备进行目标接入类型的权限, 进一步阻止不具有对目标 网络设备进行目标接入业务的终端, 保护了私有网络设备拥有者的利益。 在基站上判断 CSG签约终端是否能够对 CSG小区下的目标网络设备进行 目标接入类型的权限, 进一步阻止了不具有对目标网络设备进行目标接入业 务的终端, 保护了私有网络设备拥有者的利益。 It can be seen from the foregoing embodiment that, on the network side, it is determined whether the CSG subscription terminal can perform the target access type permission on the target network device in the CSG cell, and further prevent the terminal that does not have the target access service to the target network device. Protect the interests of private network device owners. Determining, by the base station, whether the CSG subscription terminal can perform the target access type permission on the target network device in the CSG cell, further preventing the terminal that does not have the target access service to the target network device, and protecting the private network device owner. interest.
在终端侧获取了准入控制信息后, 终端通过判断其是否具有对目标网络 设备具有目标接入类型的权限, 从而可以在终端发起接入业务请求之前就予 以阻止, 保护了私有网络设备拥有者的利益, 进一步节省了空口和处理资 源。  After obtaining the admission control information on the terminal side, the terminal can prevent the target network device from having the target access type permission, so that the terminal can be blocked before the terminal initiates the access service request, and the private network device owner is protected. The benefits of further savings in air traffic and processing resources.
附图说明 DRAWINGS
为了更清楚地说明本发明实施例或现有技术中的技术方案, 下面将对实 施例或现有技术描述中所需要使用的附图作简单地介绍, 显而易见地, 下面 描述中的附图仅仅是本发明的一些实施例, 对于本领域普通技术人员来讲, 在不付出创造性劳动性的前提下, 还可以根据这些附图获得其他的附图。  In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the embodiments or the description of the prior art will be briefly described below. Obviously, the drawings in the following description are only It is a certain embodiment of the present invention, and other drawings can be obtained from those skilled in the art without any inventive labor.
图 1为本发明一种对 CSG终端进行准入控制的方法的一个实施例的流程 图;  1 is a flow chart of an embodiment of a method for performing admission control on a CSG terminal according to the present invention;
图 2为本发明一种对 CSG终端进行准入控制的方法的另一个实施例的流程 图;  2 is a flow chart of another embodiment of a method for performing admission control on a CSG terminal according to the present invention;
图 3为本发明一种对 CSG终端进行准入控制的方法的另一个实施例的流程 图;  3 is a flow chart showing another embodiment of a method for performing admission control on a CSG terminal according to the present invention;
图 4为本发明中一种对 CSG终端进行准入控制的装置的一个实施例的结构 图;  4 is a structural diagram of an embodiment of an apparatus for performing admission control on a CSG terminal according to the present invention;
图 5为本发明一种对 CSG终端进行准入控制的装置的另一个实施例的结构 图;  5 is a structural diagram of another embodiment of an apparatus for performing admission control on a CSG terminal according to the present invention;
图 6为本发明一种终端设备的一个实施例的结构图。  FIG. 6 is a structural diagram of an embodiment of a terminal device according to the present invention.
具体实施方式 detailed description
为使本发明的上述目的、 特征和优点能够更加明显易懂, 下面结合附图 对本发明实施例进行详细描述。 实施例一  The above described objects, features, and advantages of the present invention will become more apparent from the aspects of the invention. Embodiment 1
请参阅图 1 , 其为本发明一种对 CSG终端进行准入控制的方法的一个实施 例的流程图, 在本实施例中, 由 CSG的签约终端向网络侧实体或者基站发起 业务接入请求, 由网络侧实体或者基站根据保存的准入控制信息对 CSG终端 进行准入控制。 该方法具体包括以下步骤: Please refer to FIG. 1 , which is an implementation of a method for performing admission control on a CSG terminal according to the present invention. For example, in the embodiment, the CSG subscription terminal initiates a service access request to the network side entity or the base station, and the network side entity or the base station performs admission control on the CSG terminal according to the saved admission control information. The method specifically includes the following steps:
步骤 101 : 接收 CSG的签约终端发起的业务接入请求, 其中, 所述业务接 入请求中携带有指示所述 CSG签约终端请求接入的目标网络设备和请求进行 的目标接入类型的信息;  Step 101: Receive a service access request initiated by a subscription terminal of the CSG, where the service access request carries information indicating a target network device requested by the CSG subscription terminal and a target access type requested to be performed;
其中, 当所述准入控制信息保存在核心网侧时, 核心网侧实体接收 CSG 签约终端发送的承载建立请求消息; 或者, 核心网侧实体接收 CSG签约终端 通过基站转发的承载建立请求消息, 所述承载建立请求消息中包含目标接入 类型标识和目标网路设备标识。  When the admission control information is stored on the core network side, the core network side entity receives the bearer setup request message sent by the CSG subscription terminal; or the core network side entity receives the bearer setup request message forwarded by the CSG subscription terminal through the base station, The bearer setup request message includes a target access type identifier and a target network device identifier.
当所述准入控制信息保存在接入网侧时, 基站接收所述 CSG签约终端发 送的承载建立请求消息; 或者, 基站接收所述 CSG签约终端通过核心网侧实 体发送的承载建立请求消息, 所述承载建立请求消息中包含目标接入类型标 识和目标网络设备标识。  When the admission control information is stored on the access network side, the base station receives the bearer setup request message sent by the CSG subscription terminal; or the base station receives the bearer setup request message sent by the CSG subscription terminal through the core network side entity, The bearer setup request message includes a target access type identifier and a target network device identifier.
步骤 102: 当保存的接入权限标识指示所述 CSG签约终端具有对所述目标 网络设备进行所述目标接入类型的权限时, 允许所述接入业务请求。  Step 102: Allow the access service request when the saved access authority identifier indicates that the CSG subscription terminal has the right to perform the target access type on the target network device.
其中, 所述接入权限标识具体为第一类权限标识或者第二类权限标识, 其中, 所述第一类权限标识用于统一标识 CSG签约终端是否具有对 CSG小区 下的所有私有网络设备进行接入的权限, 所述第二类权限标识用于分别标识 CSG签约终端是否具有对 CSG小区下的各个私有网络设备进行接入的权限。  The access permission identifier is specifically a first type of rights identifier or a second type of rights identifier, where the first type of rights identifier is used to uniformly identify whether the CSG subscription terminal has performed on all private network devices in the CSG cell. Access rights, the second type of rights identifiers are used to identify whether the CSG subscription terminal has the right to access the private network devices in the CSG cell.
所述接入权限标识具体为第一类权限标识时, 当所述第一类权限标识指 示所述 CSG签约终端具有对 CSG小区下的所有私有网络设备进行所述目标接 入类型的权限时, 允许所述业务接入请求;  When the access authority identifier is specifically the first type of the rights identifier, when the first type of the rights indicator indicates that the CSG subscription terminal has the right to perform the target access type for all the private network devices in the CSG cell, Allowing the service access request;
所述接入权限标识具体为第二类权限标识时, 当所述第二类权限标识指 示所述 CSG签约终端具有对所述目标网络设备进行所述目标接入类型的权限 时, 允许所述业务接入请求。  When the access permission identifier is specifically the second type of the rights identifier, when the second type of the rights indicator indicates that the CSG signing terminal has the right to perform the target access type on the target network device, the Service access request.
其中, 所述目标接入类型包括: 本地 IP接入和远程接入。  The target access type includes: local IP access and remote access.
需要说明的是, 本发明实施例还可以进一步包括: 当保存的接入权限标 识指示所述 CSG签约终端不具有对所述目标网络设备进行所述目标接入类型 的权限时, 拒绝所述业务接入请求。 It should be noted that, the embodiment of the present invention may further include: when the saved access authority identifier indicates that the CSG subscription terminal does not have the target access type for the target network device When the permission is granted, the service access request is rejected.
通过上述实施例可以看出, 在网络侧上判断 CSG签约终端是否能够对 CSG小区下的目标网络设备进行目标接入类型的权限, 进一步阻止不具有对 目标网络设备进行目标接入业务的终端, 保护了私有网络设备拥有者的利 益。  The foregoing embodiment can be used to determine, on the network side, whether the CSG subscription terminal can perform the target access type permission on the target network device in the CSG cell, and further prevent the terminal that does not have the target access service to the target network device. Protect the interests of private network device owners.
在基站上判断 CSG签约终端是否能够对 CSG小区下的目标网络设备进行 目标接入类型的权限, 进一步阻止了不具有对目标网络设备进行目标接入业 务的终端, 保护了私有网络设备拥有者的利益。 实施例二  Determining, by the base station, whether the CSG subscription terminal can perform the target access type permission on the target network device in the CSG cell, further preventing the terminal that does not have the target access service to the target network device, and protecting the private network device owner. interest. Embodiment 2
请参阅图 2 , 其为本发明一种对 CSG终端进行准入控制的方法的另一个实 施例的流程图。 在本实施例中, 由 CSG的签约终端获取准入控制信息, 再根 据准入控制信息对终端进行准入控制。 该方法具体包括以下步骤:  Please refer to FIG. 2, which is a flowchart of another embodiment of a method for performing admission control on a CSG terminal according to the present invention. In this embodiment, the admission control information is obtained by the contracting terminal of the CSG, and the terminal is subjected to admission control according to the admission control information. The method specifically includes the following steps:
步骤 201 : 获取准入控制信息, 所述准入控制信息中的接入权限标识用于 标识 CSG签约终端是否具有对 CSG小区下的私有网络设备进行接入业务的权 限;  Step 201: Obtain admission control information, where the access authority identifier in the admission control information is used to identify whether the CSG subscription terminal has the right to access the private network device in the CSG cell.
其中, 所述准入控制信息包含有第一类权限标识或第二类权限标识, 其 中, 所述第一类权限标识用于统一标识 CSG签约终端是否具有对 CSG小区下 的所有私有网络设备进行接入的权限, 所述第二类权限标识用于分别标识 CSG签约终端是否具有对 CSG小区下的各个私有网络设备进行接入的权限。  The admission control information includes a first type of rights identifier or a second type of rights identifier, where the first type of rights identifier is used to uniformly identify whether the CSG subscription terminal has all private network devices under the CSG cell. Access rights, the second type of rights identifiers are used to identify whether the CSG subscription terminal has the right to access the private network devices in the CSG cell.
同时, 所述获取准入控制信息可以通过下述方式中的任意一种方式实 现:  Meanwhile, the obtaining the admission control information may be implemented by any one of the following methods:
接收开放移动联盟设备管理 OMA DM服务器通过 OMA DM方式发送所述 准入控制信息;  Receiving the Open Mobile Alliance device management OMA DM server sends the admission control information by means of OMA DM;
或者,  Or,
接收网络侧实体通过非接入层 NAS信令发送的所述准入控制信息; 或者,  Receiving, by the network side entity, the admission control information sent by the non-access stratum NAS signaling; or
接收基站通过无线资源控制 RRC信令发送的所述准入控制信息。  And receiving the admission control information sent by the base station by using radio resource control RRC signaling.
步骤 202: 当所述接入权限标识指示所述终端具有对目标网络设备进行目 标接入类型的权限时, 发起业务接入请求。 Step 202: When the access authority identifier indicates that the terminal has a target network device When the access type is granted, a service access request is initiated.
其中, 所述接入权限标识具体为第一类权限标识时, 当所述第一类权限 标识指示所述 CSG签约终端具有对 CSG小区下的所有私有网络设备进行所述 目标接入类型的权限时, 允许所述业务接入请求;  When the access permission identifier is specifically the first type of the rights identifier, the first type of the rights indicator indicates that the CSG signing terminal has the right to perform the target access type for all the private network devices in the CSG cell. Allowing the service access request;
所述接入权限标识具体为第二类权限标识时, 当所述第二类权限标识指 示所述 CSG签约终端具有对所述目标网络设备进行所述目标接入类型的权限 时, 允许所述业务接入请求。  When the access permission identifier is specifically the second type of the rights identifier, when the second type of the rights indicator indicates that the CSG signing terminal has the right to perform the target access type on the target network device, the Service access request.
所述目标接入类型包括: 本地 IP接入和远程接入。  The target access types include: local IP access and remote access.
需要说明的是, 本发明实施例还可以进一步包括: 当保存的接入权限标 识指示所述 CSG签约终端不具有对所述目标网络设备进行所述目标接入类型 的权限时, 拒绝所述业务接入请求。  It should be noted that, the embodiment of the present invention may further include: rejecting the service when the saved access authority identifier indicates that the CSG subscription terminal does not have the right to perform the target access type on the target network device. Access request.
此外, 当允许终端向网络侧实体或者基站发起对所述私有网络设备的业 务接入请求后, 本实施例还可以进一步包括: 由所述网络侧实体或者基站根 据保存的准入控制信息对所述终端进行进一步的准入控制。 其中, 所述准入 控制的方法可以与实施例一中的准入控制方法相同, 本发明并不对此进行限 定。  In addition, after the terminal is allowed to initiate a service access request to the private network device to the network side entity or the base station, the embodiment may further include: the network side entity or the base station according to the saved admission control information The terminal performs further admission control. The method for the admission control may be the same as the method for admission control in the first embodiment, and the present invention does not limit the method.
通过上述实施例可以看出, 在终端侧获取了准入控制信息后, 终端通过 判断其是否具有对目标网络设备具有进行目标接入类型的权限, 从而可以在 终端发起业务接入请求之前就予以阻止, 保护了私有网络设备拥有者的利 益, 进一步节省了空口和处理资源。  It can be seen that, after the terminal side obtains the admission control information, the terminal determines whether it has the right to perform the target access type on the target network device, so that the terminal can perform the service access request before the terminal initiates the service access request. Blocking, protecting the interests of private network device owners, further saving air traffic and processing resources.
当本实施例进一步包括由网络侧实体或基站对发起业务接入请求的终端 进行准入控制时, 进一步阻止了不具有对目标网络设备进行目标接入类型的 权限的终端, 保护了私有网络设备拥有者的利益。 实施例三  When the embodiment further includes the network side entity or the base station performing the admission control on the terminal that initiates the service access request, the terminal that does not have the right to perform the target access type on the target network device is further blocked, and the private network device is protected. The interests of the owner. Embodiment 3
请参阅图 3 , 其为本发明一种对 CSG终端进行准入控制的方法的另一个实 施例的流程图, 本实施例以家庭小区中的 CSG的签约终端对家庭小区中的家 庭网络设备进行 Local IP Access本地 IP接入类型的业务接入为应用场景, 详细 说明对 CSG签约终端进行控制的方法。 具体可以包括以下步骤: 步骤 301 : CSG管理员预先为 CSG的签约终端设置准入控制信息, 所述准 入控制信息中的接入权限标识用于标识 CSG签约终端是否具有对 CSG小区下 的私有网络设备进行本地 IP接入的权限; Referring to FIG. 3, it is a flowchart of another embodiment of a method for performing admission control on a CSG terminal according to the present invention. In this embodiment, a CSG subscription terminal in a home cell performs a home network device in a home cell. The service access of the Local IP Access local IP access type is an application scenario. The method for controlling the CSG subscription terminal is described in detail. Specifically, the following steps may be included: Step 301: The CSG administrator sets the admission control information for the CSG subscription terminal in advance. The access permission identifier in the admission control information is used to identify whether the CSG subscription terminal has local IP connection to the private network device under the CSG cell. Access rights;
其中, 所述准入控制信息除了由 CSG管理员进行设置外, 还可以由网络 侧实体进行设置, 本发明实施例对此并不限定。  The admission control information may be set by the network side entity in addition to the setting by the CSG administrator, which is not limited by the embodiment of the present invention.
CSG管理员可以将准入控制信息中的接入权限标识设置第一类权限标 识, 所述第一类权限标识用于统一标识 CSG签约终端是否具有对 CSG小区下 的所有私有网络设备进行接入的权限。 例如, 准入控制信息以现有的 ACL ( Allowed CSG list, 允许的限定用户组列表) 的扩展形式存在, 如表 1所示, 表 1为包含第一类权限标识的 ACL。 在 ACL中包括有各个 CSG小区中家庭网络 设备的标识和为 CSG小区下的所有家庭网络设备设置的第一类权限标识, 由 第一类权限标识指示该 CSG的签约终端在驻留到该 CSG小区后, 是否可以对 该 CSG小区下的所有家庭网络设备进行本地 IP接入。 在本实施例中, 第一类 权限标识可以利用一位二进制数表示, 例如, 当第一类权限标识为 1时, 表示 允许对该 CSG小区下的所有家庭网络设备进行本地 IP 接入, 当第一类权限 标识为 0时, 表示拒绝对该 CSG小区下的所有家庭网络设备进行本地 IP接入。  The CSG administrator can set the access authority identifier in the admission control information to the first type of rights identifier, and the first type of the rights identifier is used to uniformly identify whether the CSG subscription terminal has access to all private network devices in the CSG cell. permission. For example, the admission control information exists in an extended form of an existing ACL (Allowed CSG list). As shown in Table 1, Table 1 is an ACL containing the first type of permission identifier. The ACL includes an identifier of the home network device in each CSG cell and a first type of rights identifier set for all home network devices in the CSG cell, and the first type of rights identifier indicates that the CSG subscription terminal is camped on the CSG. After the cell, whether local IP access can be performed to all home network devices under the CSG cell. In this embodiment, the first type of privilege identifier may be represented by a one-digit binary number. For example, when the first type of privilege identifier is 1, it indicates that all home network devices under the CSG cell are allowed to perform local IP access. When the first type of authority identifier is 0, it indicates that local IP access of all home network devices under the CSG cell is denied.
当存在多个目标接入类型, 例如, 本地 IP接入和远程接入时, 第一类权 限标识还可以由一个两位二进制数表示, 当第一类权限标识为 11时, 表示允 许对该 CSG小区下的所有家庭网络设备进行本地 IP接入和远程接入; 当第一 权限标识为 10时, 表示允许对该 CSG小区下的所有家庭网络设备进行本地 IP 接入, 但拒绝对该 CSG小区下的所有家庭网络设备进行远程接入; 当第一类 权限标识为 01时, 表示拒绝对该 CSG小区下的所有家庭网络设备进行本地 IP 接入, 但允许对该 CSG小区下的所有家庭网络设备进行远程接入; 当第一类 权限标识为 00时, 表示拒绝对该 CSG小区下的所有家庭网络设备进行本地 IP 接入和远程接入。  When there are multiple target access types, for example, local IP access and remote access, the first type of rights identifier may also be represented by a two-digit binary number. When the first type of rights identifier is 11, it indicates that the All the home network devices in the CSG cell perform local IP access and remote access. When the first privilege identifier is 10, it indicates that all home network devices under the CSG cell are allowed to perform local IP access, but the CSG is rejected. All the home network devices in the cell are remotely accessed. When the first type of rights identifier is 01, the user is denied local IP access to all the home network devices in the CSG cell, but all the families in the CSG cell are allowed. The network device performs remote access. When the first type of permission identifier is 00, it indicates that local IP access and remote access are denied to all home network devices under the CSG cell.
此外, CSG管理员可以将准入控制信息中的接入权限标识设置第二类权 限标识, 所述第二类权限标识用于分别标识 CSG签约终端是否具有对 CSG小 区下的各个私有网络设备进行接入的权限。 例如, 准入控制信息仍旧以现有 的 ACL的扩展形式存在, 如表 2所示, 表 2为包含第二类权限标识的 ACL。 在 ACL中包括有各个 CSG小区中家庭网络设备的标识和为 CSG小区下的每个家 庭网络设备单独设置的第二类权限标识, 由第二类权限标识指示该 CSG的签 约终端在驻留到该 CSG小区后, 是否可以对该 CSG小区下的相应家庭网络设 备进行本地 IP接入。 在本实施例中, 第二类权限标识可以利用一位二进制数 表示, 例如当第二类权限标识为 1时, 表示允许对该 CSG小区下的相应家庭网 络设备进行本地 IP 接入, 当第二类权限标识为 0时, 表示拒绝对该 CSG小区 下的相应家庭网络设备进行本地 IP接入。 In addition, the CSG administrator may set the access authority identifier in the admission control information to the second type of rights identifier, where the second type of the rights identifier is used to identify whether the CSG subscription terminal has the private network device under the CSG cell. Access rights. For example, the admission control information still exists in an extended form of the existing ACL, as shown in Table 2, and Table 2 is an ACL containing the second type of authority identifier. in The ACL includes an identifier of the home network device in each CSG cell and a second type of rights identifier separately set for each home network device in the CSG cell, and the second type of rights identifier indicates that the CSG subscription terminal is camped on the After the CSG cell, whether local IP access can be performed to the corresponding home network device under the CSG cell. In this embodiment, the second type of privilege identifier may be represented by a one-digit binary number. For example, when the second type of privilege identifier is 1, it indicates that local IP access of the corresponding home network device under the CSG cell is allowed. When the type 2 permission identifier is 0, it indicates that the local IP access of the corresponding home network device under the CSG cell is denied.
表 1为包含第一类权限标识的 ACL  Table 1 is the ACL that contains the first type of permission ID.
Figure imgf000010_0001
Figure imgf000010_0001
当存在多个目标接入类型, 例如, 本地 IP接入和远程接入时, 第二类权 限标识还可以由一个两位二进制数表示, 当第二类权限标识为 11时, 表示允 许对该 CSG小区下的相应家庭网络设备进行本地 IP接入和远程接入; 当第二 权限标识为 10时, 表示允许对该 CSG小区下的相应家庭网络设备进行本地 IP 接入, 但拒绝对该 CSG小区下的相应家庭网络设备进行远程接入; 当第一类 权限标识为 01时, 表示拒绝对该 CSG小区下的相应家庭网络设备进行本地 IP 接入, 但允许对该 CSG小区下的相应家庭网络设备进行远程接入; 当第一类 权限标识为 00时, 表示拒绝对该 CSG小区下的相应家庭网络设备进行本地 IP 接入和远程接入。  When there are multiple target access types, for example, local IP access and remote access, the second type of rights identifier may also be represented by a two-digit binary number. When the second type of rights identifier is 11, it indicates that the The corresponding home network device in the CSG cell performs local IP access and remote access; when the second privilege identifier is 10, it indicates that local IP access of the corresponding home network device under the CSG cell is allowed, but the CSG is rejected. The corresponding home network device in the cell performs remote access; when the first type of rights identifier is 01, it indicates that local IP access is denied to the corresponding home network device in the CSG cell, but the corresponding home under the CSG cell is allowed. The network device performs remote access; when the first type of permission identifier is 00, it indicates that local IP access and remote access are denied to the corresponding home network device under the CSG cell.
上述家庭网络设备标识可以釆用 FQDN的方式, 例如, 后缀可以是 TV@H(e)NBID.PLMNID.COM, 也可以釆用 [email protected], 或 者 www.xxx.com, 也有可能是其它的格式, 以使得家庭网络设备标识在一定 范围或者全球范围内唯一。 当然, 家庭网络设备标识也可以釆用其它任意形 式。 本发明实施例并不对此进行限定。 所述设置后的准入控制信息可以保存在核心网侧或者接入网侧, 也可以由终 端从网络侧实体或者基站获取所述设置后的准入控制信息。 表 2为包含第二类权限标识的 ACL The above home network device identifier may be in the form of an FQDN. For example, the suffix may be TV@H(e)NBID.PLMNID.COM, or [email protected], or www.xxx.com, or Other formats are such that the home network device identification is unique within a certain range or globally. Of course, the home network device identifier can also be used in any other form. The embodiments of the present invention are not limited thereto. The set admission control information may be stored on the core network side or the access network side, or the terminal may obtain the set admission control information from the network side entity or the base station. Table 2 is the ACL containing the second type of permission identifier.
Figure imgf000011_0001
步骤 302: 终端向核心网侧实体发起承载建立请求消息;
Figure imgf000011_0001
Step 302: The terminal initiates a bearer setup request message to the core network side entity.
其中, 当设置后的准入控制信息保存在核心网侧时, 终端向核心网侧实 体发送承载建立请求消息, 除此之外, 终端还可以向基站发送承载建立请求 消息, 再由基站将所述承载建立请求消息转发给核心网侧实体。  The terminal sends a bearer setup request message to the core network side entity, and the terminal may further send a bearer setup request message to the base station, and then the base station sends the bearer setup request message to the base station. The bearer setup request message is forwarded to the core network side entity.
当准入控制信息保存在接入网侧时, 终端可以向基站发送承载建立请求 消息, 除此之外, 终端还可以向核心网侧实体发送承载建立请求消息, 再由 核心网侧实体将所述承载建立请求消息转发给基站。  When the admission control information is stored on the access network side, the terminal may send a bearer setup request message to the base station. In addition, the terminal may also send a bearer setup request message to the core network side entity, and then the core network side entity will The bearer setup request message is forwarded to the base station.
所述核心网侧实体可以为核心网的节点 MME ( Mobility Management The core network side entity may be a node MME of the core network (Mobility Management)
Entity, 移动性管理实体)或者 SGSN ( Serving GPRS Support Node, GPRS服 务支撑节点) 。 所述承载建立请求消息中包含目标接入类型标识和目标网络设备标识。 步骤 303: 核心网侧实体根据准入控制信息中的接入权限标识, 判断所述 终端是否有对承载建立消息中的目标网络设备标识所指示的目标网络设备进 行目标接入类型标识所指示的目标接入的权限, 如果是, 进入步骤 304 , 如果 否, 进入步骤 305; Entity, mobility management entity) or SGSN (Serving GPRS Support Node). The bearer setup request message includes a target access type identifier and a target network device identifier. Step 303: The core network side entity determines, according to the access authority identifier in the admission control information, whether the terminal has the target access type identifier indicated by the target network device indicated by the target network device identifier in the bearer setup message. The access permission of the target, if yes, proceeds to step 304, if no, proceeds to step 305;
其中, 核心网侧实体可以根据准入控制信息中的第一类权限标识的内 容, 判断所述终端是否有对目标网络设备进行目标接入的权限, 或者, 根据 准入控制信息中的第二类权限标识的内容, 判断所述终端是否有对目标网络 设备进行目标接入的权限。  The core network side entity may determine, according to the content of the first type of permission identifier in the admission control information, whether the terminal has the right to perform target access to the target network device, or according to the second in the admission control information. The content of the class permission identifier determines whether the terminal has the right to target access to the target network device.
当准入控制信息保存在基站时, 由基站可以根据准入控制信息中的第一 类权限标识的内容, 判断所述终端是否有对目标网络设备进行目标接入的权 限, 或者, 根据准入控制信息中的第二类权限标识的内容, 判断所述终端是 否有对目标网络设备进行目标接入的权限。  When the admission control information is stored in the base station, the base station may determine, according to the content of the first type of permission identifier in the admission control information, whether the terminal has the right to perform target access to the target network device, or according to the admission. The content of the second type of authority identifier in the control information is used to determine whether the terminal has the right to perform target access to the target network device.
步骤 304: 允许所述终端的接入业务请求;  Step 304: Allow an access service request of the terminal.
步骤 305: 拒绝所述终端的业务接入请求。  Step 305: Reject the service access request of the terminal.
需要说明的是, 当终端从基站或者核心网侧实体获取准入控制信息时, 省略步骤 302, 由终端直接根据所述准入控制信息中的接入权限标识, 判断是 否由对目标网络设备进行目标接入的权限, 如果是, 允许终端对所述目标网 络设备发起业务接入请求, 如果否, 拒绝终端对所述目标网络设备发起业务 接入请求。  It is to be noted that when the terminal obtains the admission control information from the base station or the core network side entity, step 302 is omitted, and the terminal directly determines whether the target network device is performed according to the access authority identifier in the admission control information. The right of the target access, if yes, allows the terminal to initiate a service access request to the target network device, and if not, the terminal refuses to initiate a service access request to the target network device.
通过上述实施例可以看出, 在网络侧上判断 CSG签约终端是否能够对 CSG小区下的目标网络设备进行目标接入类型的权限, 进一步阻止不具有对 目标网络设备进行业务接入的终端, 保护了私有网络设备拥有者的利益。  As shown in the foregoing embodiment, it can be seen that, on the network side, it is determined whether the CSG subscription terminal can perform the target access type permission on the target network device in the CSG cell, and further prevents the terminal that does not have the service access to the target network device from being protected. The interests of private network device owners.
在基站上判断 CSG签约终端是否能够对 CSG小区下的目标网络设备进行 目标接入类型的权限, 进一步阻止了不具有对目标网络设备进行业务接入的 终端, 保护了私有网络设备拥有者的利益。  Determining, by the base station, whether the CSG subscription terminal can perform the target access type permission on the target network device in the CSG cell, further preventing the terminal that does not have the service access to the target network device, and protecting the interests of the private network device owner. .
在终端侧获取了准入控制信息后, 终端通过判断其是否具有对目标网络 设备具有进行目标接入类型的权限, 从而可以在终端发起业务接入请求之前 就予以阻止, 保护了私有网络设备拥有者的利益, 进一步节省了空口和处理 资源。 实施例四 After obtaining the admission control information on the terminal side, the terminal can prevent the target network device from having the target access type permission, so that the terminal can prevent the private network device from being owned before the terminal initiates the service access request. Benefits, further saving air and processing Resources. Embodiment 4
与上述实施例一中一种对 CSG终端进行控制的方法相对应, 本发明实施 例还提供了一种对 CSG终端进行准入控制的装置。 请参阅图 4, 其为本发明一 种对 CSG终端进行控制的装置的一个实施例结构图, 该装置包括接收单元 401 和第一控制单元 402。 下面结合该装置的工作原理进一步介绍其内部结构以及 连接关系。  Corresponding to the method for controlling the CSG terminal in the first embodiment, the embodiment of the present invention further provides an apparatus for performing admission control on the CSG terminal. Referring to FIG. 4, which is a structural diagram of an embodiment of an apparatus for controlling a CSG terminal according to the present invention, the apparatus includes a receiving unit 401 and a first control unit 402. The internal structure and connection relationship are further described below in conjunction with the working principle of the device.
接收单元 401 , 用于接收 CSG签约终端发起的业务请求, 其中, 所述业务 接入请求中携带有指示所述 CSG签约终端请求接入的目标网络设备和请求进 行的目标接入类型的信息;  The receiving unit 401 is configured to receive a service request initiated by the CSG subscription terminal, where the service access request carries information indicating a target network device requested by the CSG subscription terminal and a target access type requested to be performed;
第一控制单元 402 , 用于当保存的接入权限标识指示所述 CSG签约终端具 有对所述目标网络设备进行所述目标接入类型的权限时, 允许所述接入业务 请求。  The first control unit 402 is configured to allow the access service request when the saved access authority identifier indicates that the CSG subscription terminal has the right to perform the target access type on the target network device.
其中, 当准入控制信息保存在核心网侧时, 接收单元 401具体可以为: 第 一接收单元子或者第二接收子单元,  The receiving unit 401 may be specifically: a first receiving unit or a second receiving sub-unit, when the admission control information is saved on the core network side,
第一接收子单元, 用于接收所述终端发送的承载建立请求消息; 第二接收子单元, 用于接收基站转发的承载建立请求消息, 所述承载建 立请求消息中包含目标接入类型标识和目标网络设备标识。  a first receiving subunit, configured to receive a bearer setup request message sent by the terminal, where the second receiving subunit is configured to receive a bearer setup request message forwarded by the base station, where the bearer setup request message includes a target access type identifier and Target network device ID.
当准入控制信息保存在接入网侧时, 接收单元 401具体可以为: 第三接收 子单元或者第四接收子单元,  When the admission control information is stored on the access network side, the receiving unit 401 may specifically be: a third receiving subunit or a fourth receiving subunit,
第三接收子单元, 用于接收终端发送的承载建立请求消息;  a third receiving subunit, configured to receive a bearer setup request message sent by the terminal;
第四接收子单元, 用于接收核心网侧实体转发的承载建立请求消息, 所 述承载建立请求消息中包含目标接入类型标识和目标网络设备标识。  And a fourth receiving subunit, configured to receive a bearer setup request message forwarded by the core network side entity, where the bearer setup request message includes a target access type identifier and a target network device identifier.
第一控制单元 402可以具体为: 第一类权限标识控制子单元或者第二类权 限标识控制子单元, 其中,  The first control unit 402 may be specifically: a first type of rights identifier control subunit or a second type of rights identifier control subunit, where
第一类权限标识控制子单元, 用于根据所述第一类权限标识的内容, 当 所述 CSG签约终端具有对 CSG小区下的所有私有网络设备进行所述目标接入 类型的权限时, 允许所述业务接入请求, 所述第一类权限标识用于统一标识 CSG签约终端是否具有对 CSG小区下的所有私有网络设备进行接入的权限; 第二类权限标识控制子单元, 根据所述第二类权限标识的内容, 当所述a first type of rights identifier control subunit, configured to allow, according to the content of the first type of rights identifier, when the CSG subscription terminal has the right to perform the target access type for all private network devices under the CSG cell, The service access request, the first type of permission identifier is used for unified identification Whether the CSG subscription terminal has the right to access all private network devices under the CSG cell; the second type of permission identification control sub-unit, according to the content of the second type of permission identification, when
CSG签约终端具有对所述目标网络设备进行所述目标接入类型的权限时, 允 许所述业务接入请求, 所述第二类权限标识用于分别标识 CSG签约终端是否 具有对 CSG小区下的各个私有网络设备进行接入的权限。 When the CSG subscription terminal has the right to perform the target access type on the target network device, the service access request is allowed, and the second type of permission identifier is used to identify whether the CSG subscription terminal has a CSG cell. Permission to access each private network device.
本发明实施例还可以进一步包括第二控制单元 403 , 用于当保存的接入权 限标识指示所述 CSG签约终端不具有对所述目标网络设备进行所述目标接入 类型的权限时, 拒绝所述业务接入请求。  The embodiment of the present invention may further include a second control unit 403, configured to: when the saved access authority identifier indicates that the CSG subscription terminal does not have the right to perform the target access type on the target network device, Said service access request.
由上述实施例可以看出, 在网络侧上判断 CSG签约终端是否能够对 CSG 小区下的私有网络设备进行目标接入类型的权限, 进一步阻止不具有对目标 网络设备进行业务接入的终端, 保护了私有网络设备拥有者的利益。  It can be seen from the foregoing embodiment that, on the network side, it is determined whether the CSG subscription terminal can perform the target access type permission on the private network device in the CSG cell, and further prevent the terminal that does not have the service access to the target network device, and protect the terminal. The interests of private network device owners.
在基站上判断 CSG签约终端是否能够对 CSG小区下的私有网络设备进行 目标接入类型的权限, 进一步阻止了不具有对目标网络设备进行业务接入的 终端, 保护了私有网络设备拥有者的利益。 实施例五  Determining, by the base station, whether the CSG subscription terminal can perform the target access type permission on the private network device under the CSG cell, further preventing the terminal that does not have the service access to the target network device, and protecting the interests of the private network device owner. . Embodiment 5
与上述实施例二中一种对 CSG终端进行准入控制的方法相对应, 本发明 实施例还提供了一种终端设备。 请参阅图 5 , 其为本发明一种终端设备的一个 实施例结构图, 该装置包括: 获取单元 501和第一控制单元 502。 下面结合该 装置的工作原理进一步介绍其内部结构以及连接关系。  Corresponding to the method for performing admission control on the CSG terminal in the second embodiment, the embodiment of the present invention further provides a terminal device. Referring to FIG. 5, which is a structural diagram of an embodiment of a terminal device according to the present invention, the device includes: an obtaining unit 501 and a first control unit 502. The internal structure and connection relationship will be further described below in conjunction with the working principle of the device.
获取单元 501 , 用于获取准入控制信息, 所述准入控制信息中的接入权限 标识用于标识 CSG签约终端是否具有对 CSG小区下的私有网络设备进行接入 业务的权限;  The obtaining unit 501 is configured to obtain the access control information, where the access authority identifier in the admission control information is used to identify whether the CSG subscription terminal has the right to access the private network device in the CSG cell.
第一控制单元 502 , 用于当所述接入权限标识指示所述终端具有对目标网 络设备进行目标接入类型的权限时, 发起业务接入请求。  The first control unit 502 is configured to initiate a service access request when the access authority identifier indicates that the terminal has the right to perform a target access type on the target network device.
其中, 获取单元 501可以具体为: 第一获取子单元、 第二获取子单元或者 第三获取子单元,  The obtaining unit 501 may be specifically: a first acquiring subunit, a second acquiring subunit, or a third acquiring subunit,
第一获取子单元, 用于接收开放移动联盟设备管理 OMA DM服务器通过 OMA DM的方式发送的所述准入控制信息; 第二获取子单元, 用于接收网络侧实体通过 NAS信令发送的所述准入控 制信息; a first acquiring subunit, configured to receive, by the Open Mobile Alliance device, the OMA DM server, the admission control information sent by using an OMA DM; a second acquiring subunit, configured to receive the admission control information that is sent by the network side entity by using NAS signaling;
第三获取子单元, 用于接收基站通过 RRC信令发送的所述准入控制信 息。  And a third acquiring subunit, configured to receive the admission control information sent by the base station by using RRC signaling.
第一控制单元 502可以具体为: 第一类权限标识控制子单元或者第二类权 限标识控制子单元, 其中,  The first control unit 502 may be specifically: a first type of rights identifier control subunit or a second type of rights identifier control subunit, where
第一类权限标识控制子单元, 用于根据所述第一类权限标识的内容, 当 所述终端具有对 CSG小区下的所有私有网络设备进行所述目标接入类型的权 限时, 允许所述业务接入请求, 所述第一类权限标识用于统一标识 CSG签约 终端是否具有对 CSG小区下的所有私有网络设备进行接入的权限;  a first type of rights identifier control subunit, configured to allow, according to the content of the first type of rights identifier, when the terminal has the right to perform the target access type for all private network devices under the CSG cell, a service access request, where the first type of authority identifier is used to uniformly identify whether the CSG subscription terminal has the right to access all private network devices in the CSG cell;
第二类权限标识控制子单元, 根据所述第二类权限标识的内容, 当所述 终端具有对所述目标网络设备进行所述目标接入类型的权限时, 允许所述业 务接入请求, 所述第二类权限标识用于分别标识 CSG签约终端是否具有对 CSG小区下的各个私有网络设备进行接入的权限。  a second type of rights identifier control sub-unit, according to the content of the second type of rights identifier, when the terminal has the right to perform the target access type on the target network device, allowing the service access request, The second type of rights identifier is used to identify whether the CSG signing terminal has the right to access the private network devices in the CSG cell.
本发明实施例还可以进一步包括第二控制单元 503 , 用于所述接入权限标 识指示所述终端不具有对目标网络设备进行目标接入类型的权限时, 不发起 业务接入请求。  The embodiment of the present invention may further include a second control unit 503, configured to not initiate a service access request when the access authority identifier indicates that the terminal does not have the right to perform the target access type on the target network device.
通过上述实施可以看出, 在终端侧获取了准入控制信息后, 终端通过判 断其是否具有对目标网络设备具有进行业务接入类型的权限, 从而可以在终 端发起业务请求之前就予以阻止, 保护了私有网络设备拥有者的利益, 进一 步节省了空口和处理资源。 实施例六  Through the foregoing implementation, it can be seen that after obtaining the admission control information on the terminal side, the terminal can prevent the target network device from having the service access type permission, so that the terminal can be blocked and protected before the terminal initiates the service request. The interests of private network equipment owners further save air and process resources. Embodiment 6
本发明实施例还提供了一种网络管理设备, 请参阅图 6所示, 其为一种网 络管理设备的一个实施例结构图。 所述装置包括: 设置单元 601和准入控制信 息更新单元 602, 其中,  The embodiment of the present invention further provides a network management device. Referring to FIG. 6, it is a structural diagram of an embodiment of a network management device. The device includes: a setting unit 601 and an admission control information updating unit 602, where
设置单元 601 , 用于为 CSG签约终端设置准入控制信息, 所述准入控制信 息中的接入权限标识用于标识 CSG签约终端是否具有对 CSG小区下的私有网 络设备进行接入业务的权限; 准入控制信息更新单元 602, 用于根据用户的需求更新准入控制信息。 其中, 设置单元 601可以具体为第一设置子单元或者第二设置子单元, 第 一设置子单元, 用于设置第一类权限标识, 所述第一类权限标识用于统一标 识 CSG签约终端是否具有对 CSG小区下的所有私有网络设备进行接入的权 限; The setting unit 601 is configured to set the admission control information for the CSG subscription terminal, where the access permission identifier in the admission control information is used to identify whether the CSG subscription terminal has the right to access the private network device in the CSG cell. ; The admission control information updating unit 602 is configured to update the admission control information according to the needs of the user. The setting unit 601 may be specifically a first setting subunit or a second setting subunit, where the first setting subunit is configured to set a first type of permission identifier, where the first type of permission identifier is used to uniformly identify whether the CSG subscription terminal is Having access to all private network devices under the CSG cell;
第二设置子单元, 用于设置第二类权限标识, 所述第二类权限标识用于 分别标识 CSG签约终端是否具有对 CSG小区下的各个私有网络设备进行接入 的权限。  The second setting sub-unit is configured to set a second type of permission identifier, where the second type of permission identifier is used to identify whether the CSG subscription terminal has the right to access the private network devices in the CSG cell.
需要说明的是, 本领域普通技术人员可以理解实现上述实施例方法中的 全部或部分流程, 是可以通过计算机程序来指令相关的硬件来完成, 所述的 程序可存储于一计算机可读取存储介质中, 该程序在执行时, 可包括如上述 各方法的实施例的流程。 其中, 所述的存储介质可为磁碟、 光盘、 只读存储 己忆体 ( Read-Only Memory, ROM )或随机存 己忆体 ( Random Access Memory, RAM )等。  It should be noted that those skilled in the art can understand that all or part of the processes in the foregoing embodiments can be implemented by a computer program to instruct related hardware, and the program can be stored in a computer readable storage. In the medium, the program, when executed, may include the flow of an embodiment of the methods as described above. The storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), or a random access memory (RAM).
以上对本发明所提供的一种对 CSG终端进行准入控制的方法及装置进行 述, 以上实施例的说明只是用于帮助理解本发明的方法及其核心思想; 同 时, 对于本领域的一般技术人员, 依据本发明的思想, 在具体实施方式及应 用范围上均会有改变之处, 综上所述, 本说明书内容不应理解为对本发明的 限制。  The foregoing describes a method and apparatus for performing admission control on a CSG terminal according to the present invention. The foregoing description of the embodiments is merely for facilitating understanding of the method and core idea of the present invention. Meanwhile, for those skilled in the art. The present invention is not limited by the scope of the present invention.

Claims

权 利 要求 Rights request
1、 一种对限定用户组 CSG终端进行准入控制的方法, 其特征在于, 包 括: A method for performing admission control on a limited user group CSG terminal, characterized in that it comprises:
接收 CSG签约终端发起的业务接入请求, 其中, 所述业务接入请求中携 带有指示所述 CSG签约终端请求接入的目标网络设备和请求进行的目标接入 类型的信息;  Receiving a service access request initiated by the CSG subscription terminal, where the service access request carries information indicating a target network device that the CSG subscription terminal requests to access and a target access type requested to be performed;
当保存的接入权限标识指示所述 CSG签约终端具有对所述目标网络设备 进行所述目标接入类型的权限时, 允许所述接入业务请求。  The access service request is allowed when the saved access authority identifier indicates that the CSG subscription terminal has the right to perform the target access type on the target network device.
2、 根据权利要求 1所述的方法, 其特征在于, 所述方法还包括: 当保存的接入权限标识指示所述 CSG签约终端不具有对所述目标网络设 备进行所述目标接入类型的权限时, 拒绝所述业务接入请求。  The method according to claim 1, wherein the method further comprises: when the saved access authority identifier indicates that the CSG subscription terminal does not have the target access type for the target network device When the permission is granted, the service access request is rejected.
3、 根据权利要求 1所述的方法, 其特征在于, 当所述接入权限标识保存 在核心网侧时, 所述接收 CSG签约终端发起的业务接入请求包括:  The method according to claim 1, wherein when the access right identifier is stored on the core network side, the service access request initiated by the receiving CSG subscription terminal includes:
核心网侧实体接收所述终端发送的承载建立请求消息;  Receiving, by the core network side entity, a bearer setup request message sent by the terminal;
或者,  Or,
核心网侧实体接收所述终端通过基站转发的承载建立请求消息; 所述承载建立请求消息中包含目标接入类型标识和目标网络设备标识。 The core network side entity receives the bearer setup request message forwarded by the terminal by the base station; the bearer setup request message includes the target access type identifier and the target network device identifier.
4、 根据权利要求 1所述的方法, 其特征在于, 当所述接入权限标识保存 在接入网侧时, 所述接收 CSG签约终端发起的业务接入请求包括: The method according to claim 1, wherein when the access right identifier is stored on the access network side, the service access request initiated by the receiving CSG subscription terminal includes:
基站接收所述终端发送的承载建立请求消息;  Receiving, by the base station, a bearer setup request message sent by the terminal;
或者,  Or,
基站接收所述终端通过核心网侧实体转发的所述承载建立请求消息; 所述承载建立请求消息中包含目标接入类型标识和目标网络设备标识。 The base station receives the bearer setup request message that is forwarded by the terminal by the core network side entity; the bearer setup request message includes a target access type identifier and a target network device identifier.
5、 根据权利要求 1所述的方法, 其特征在于, 所述接入权限标识具体为 第一类权限标识或者第二类权限标识, 其中, 所述第一类权限标识用于统一 标识 CSG签约终端是否具有对 CSG小区下的所有私有网络设备进行接入的权 限, 所述第二类权限标识用于分别标识 CSG签约终端是否具有对 CSG小区下 的各个私有网络设备进行接入的权限。 The method according to claim 1, wherein the access permission identifier is specifically a first type of authority identifier or a second type of authority identifier, wherein the first type of authority identifier is used to uniformly identify a CSG subscription. Whether the terminal has the right to access all the private network devices in the CSG cell, and the second type of the rights identifier is used to identify whether the CSG subscription terminal has the right to access the private network devices in the CSG cell.
6、 根据权利要求 5所述的方法, 其特征在于, 所述当保存的接入权限标 识指示所述 CSG签约终端具有对所述目标网络设备进行所述目标接入类型的 权限时, 允许所述业务接入请求包括: 6. The method according to claim 5, wherein: when the saved access authority is marked When the CSG subscription terminal is instructed to have the right to perform the target access type on the target network device, allowing the service access request includes:
当所述第一类权限标识指示所述 CSG签约终端具有对 CSG小区下的所有 私有网络设备进行所述目标接入类型的权限时, 允许所述业务接入请求; 或者,  When the first type of authority identifier indicates that the CSG subscription terminal has the right to perform the target access type for all private network devices under the CSG cell, the service access request is allowed; or
当所述第二类权限标识指示所述 CSG签约终端具有对所述目标网络设备 进行所述目标接入类型的权限时, 允许所述业务接入请求。  When the second type of authority identifier indicates that the CSG subscription terminal has the right to perform the target access type on the target network device, the service access request is allowed.
7、 根据权利要求 1-5任意一项所述的方法, 其特征在于, 所述目标接入 类型包括: 本地 IP接入和远程接入。  The method according to any one of claims 1-5, wherein the target access type comprises: local IP access and remote access.
8、 一种对 CSG终端进行准入控制的方法, 其特征在于, 包括:  8. A method for performing admission control on a CSG terminal, the method comprising:
获取准入控制信息, 所述准入控制信息中的接入权限标识用于标识 CSG 签约终端是否具有对 CSG小区下的私有网络设备进行接入业务的权限;  Obtaining access control information, where the access authority identifier in the admission control information is used to identify whether the CSG subscription terminal has the right to access the private network device in the CSG cell;
当所述接入权限标识指示所述终端具有对目标网络设备进行目标接入类 型的权限时, 发起业务接入请求。  When the access authority identifier indicates that the terminal has the right to perform the target access type on the target network device, the service access request is initiated.
9、 根据权利要求 8所述的方法, 其特征在于, 所述方法还包括: 当所述接入权限标识指示所述终端不具有对目标网络设备进行目标接入 类型的权限时, 不发起业务接入请求。  The method according to claim 8, wherein the method further comprises: when the access authority identifier indicates that the terminal does not have the right to perform a target access type on the target network device, does not initiate a service. Access request.
10、 根据权利要求 8所述的方法, 其特征在于, 所述获取准入控制信息包 括:  10. The method according to claim 8, wherein the obtaining admission control information comprises:
接收开放移动联盟设备管理 OMA DM服务器通过 OMA DM的方式发送的 所述准入控制信息;  Receiving, by the Open Mobile Alliance device, the admission control information sent by the OMA DM server by means of OMA DM;
或者,  Or,
接收核心网侧实体通过非接入层 NAS信令发送的所述准入控制信息; 或者,  Receiving, by the core network side entity, the admission control information sent by the non-access stratum NAS signaling; or
接收基站通过无线资源控制 RRC信令发送的所述准入控制信息。  And receiving the admission control information sent by the base station by using radio resource control RRC signaling.
11、 根据权利要求 8所述的方法, 其特征在于, 所述接入权限标识具体为 第一类权限标识或者第二类权限标识, 其中, 所述第一类权限标识用于统一 标识 CSG签约终端是否具有对 CSG小区下的所有私有网络设备进行接入的权 限, 所述第二类权限标识用于分别标识 CSG签约终端是否具有对 CSG小区下 的各个私有网络设备进行接入的权限。 The method according to claim 8, wherein the access authority identifier is specifically a first type of rights identifier or a second type of rights identifier, wherein the first type of rights identifier is used to uniformly identify a CSG subscription. Whether the terminal has the right to access all the private network devices in the CSG cell, and the second type of the rights identifier is used to identify whether the CSG subscription terminal has the CSG cell Permission to access each private network device.
12、 根据权利要求 8所述的方法, 其特征在于, 所述当所述接入权限标识 指示所述终端具有对目标网络设备进行目标接入类型的权限时, 发起业务接 入请求包括:  The method according to claim 8, wherein, when the access authority identifier indicates that the terminal has the right to perform a target access type on the target network device, the initiating the service access request includes:
当所述第一类权限标识指示所述终端具有对 CSG小区下的所有私有网络 设备进行所述目标接入类型的权限时, 发起所述业务接入请求;  When the first type of rights identifier indicates that the terminal has the right to perform the target access type for all private network devices under the CSG cell, the service access request is initiated;
或者,  Or,
当所述第二类权限标识指示所述终端具有对所述目标网络设备进行所述 目标接入类型的权限时, 发起所述业务接入请求。  And when the second type of authority identifier indicates that the terminal has the right to perform the target access type on the target network device, the service access request is initiated.
13、 根据权利要求 8-12任意一项所述的方法, 其特征在于, 所述目标接 入类型包括: 本地 IP接入和远程接入。  The method according to any one of claims 8 to 12, wherein the target access type comprises: local IP access and remote access.
14、 一种对 CSG终端进行准入控制的装置, 其特征在于, 包括: 接收单元, 用于接收 CSG签约终端发起的业务接入请求, 其中, 所述业 务接入请求中携带有指示所述 CSG签约终端请求接入的目标网络设备和请求 进行的目标接入类型的信息;  An apparatus for performing admission control on a CSG terminal, the method comprising: a receiving unit, configured to receive a service access request initiated by a CSG subscription terminal, where the service access request carries the indication Information about the target network device that the CSG subscription terminal requests to access and the target access type requested to be performed;
第一控制单元, 用于当保存的接入权限标识指示所述 CSG签约终端具有 对所述目标网络设备进行所述目标接入类型的权限时, 允许所述接入业务请 求。  The first control unit is configured to allow the access service request when the saved access authority identifier indicates that the CSG subscription terminal has the right to perform the target access type on the target network device.
15、 根据权利要求 14所述的装置, 其特征在于, 还包括:  The device according to claim 14, further comprising:
第二控制单元, 用于当保存的接入权限标识指示所述 CSG签约终端不具 有对所述目标网络设备进行所述目标接入类型的权限时, 拒绝所述业务接入 请求。  And a second control unit, configured to reject the service access request when the saved access authority identifier indicates that the CSG subscription terminal does not have the right to perform the target access type on the target network device.
16、 一种终端设备, 其特征在于, 包括:  16. A terminal device, comprising:
获取单元, 用于获取准入控制信息, 所述准入控制信息中的接入权限标 识用于标识 CSG签约终端是否具有对 CSG小区下的私有网络设备进行接入业 务的权限;  An obtaining unit, configured to obtain the access control information, where the access authority identifier in the admission control information is used to identify whether the CSG subscription terminal has the right to access the private network device in the CSG cell;
第一控制单元, 用于当所述接入权限标识指示所述终端具有对目标网络 设备进行目标接入类型的权限时, 发起业务接入请求。  And a first control unit, configured to initiate a service access request when the access authority identifier indicates that the terminal has the right to perform a target access type on the target network device.
17、 根据权利要求 16所述的装置, 其特征在于, 所述方法还包括: 第二控制单元, 用于当所述接入权限标识指示所述终端不具有对目标网 络设备进行目标接入类型的权限时, 不发起业务接入请求。 The device according to claim 16, wherein the method further comprises: And a second control unit, configured to not initiate a service access request when the access authority identifier indicates that the terminal does not have the right to perform a target access type on the target network device.
18、 一种网络管理设备, 其特征在于, 包括:  18. A network management device, comprising:
设置单元, 用于为 CSG签约终端设置准入控制信息, 所述准入控制信息 中的接入权限标识用于标识 CSG签约终端是否具有对 CSG小区下的私有网络 设备进行接入业务的权限;  a setting unit, configured to set the admission control information for the CSG subscription terminal, where the access authority identifier in the admission control information is used to identify whether the CSG subscription terminal has the right to access the private network device in the CSG cell;
准入控制信息更新单元, 用于才艮据用户的需求更新准入控制信息。  The admission control information updating unit is configured to update the admission control information according to the user's needs.
PCT/CN2009/071440 2009-04-24 2009-04-24 Method and apparatus for carrying out admission controlling of closed subscriber group csg terminal WO2010121433A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN2009801236964A CN102077652A (en) 2009-04-24 2009-04-24 Method and apparatus for carrying out admission controlling of closed subscriber group csg terminal
PCT/CN2009/071440 WO2010121433A1 (en) 2009-04-24 2009-04-24 Method and apparatus for carrying out admission controlling of closed subscriber group csg terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2009/071440 WO2010121433A1 (en) 2009-04-24 2009-04-24 Method and apparatus for carrying out admission controlling of closed subscriber group csg terminal

Publications (1)

Publication Number Publication Date
WO2010121433A1 true WO2010121433A1 (en) 2010-10-28

Family

ID=43010680

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2009/071440 WO2010121433A1 (en) 2009-04-24 2009-04-24 Method and apparatus for carrying out admission controlling of closed subscriber group csg terminal

Country Status (2)

Country Link
CN (1) CN102077652A (en)
WO (1) WO2010121433A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013000214A1 (en) * 2011-06-27 2013-01-03 中兴通讯股份有限公司 Access control method and system for mtc device
US9510255B2 (en) 2011-11-08 2016-11-29 Huawei Technologies Co., Ltd. Network handover method and apparatus
CN111918360A (en) * 2018-06-22 2020-11-10 维沃移动通信有限公司 Processing method, terminal and network element
CN114902789A (en) * 2019-12-31 2022-08-12 华为技术有限公司 Communication method and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1987884A (en) * 2005-12-19 2007-06-27 国际商业机器公司 Method and system product for access control to resource content
CN101296451A (en) * 2008-06-03 2008-10-29 中兴通讯股份有限公司 Method for updating inside user group list of terminal
CN101400153A (en) * 2007-09-27 2009-04-01 北京三星通信技术研究有限公司 Method for direct communication by user equipment through HNB access system

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101282254B (en) * 2007-04-02 2011-06-01 华为技术有限公司 Method, system and apparatus for managing household network equipment
CN101400106A (en) * 2007-09-27 2009-04-01 华为技术有限公司 Method for household base station access control

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1987884A (en) * 2005-12-19 2007-06-27 国际商业机器公司 Method and system product for access control to resource content
CN101400153A (en) * 2007-09-27 2009-04-01 北京三星通信技术研究有限公司 Method for direct communication by user equipment through HNB access system
CN101296451A (en) * 2008-06-03 2008-10-29 中兴通讯股份有限公司 Method for updating inside user group list of terminal

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013000214A1 (en) * 2011-06-27 2013-01-03 中兴通讯股份有限公司 Access control method and system for mtc device
US9510255B2 (en) 2011-11-08 2016-11-29 Huawei Technologies Co., Ltd. Network handover method and apparatus
CN111918360A (en) * 2018-06-22 2020-11-10 维沃移动通信有限公司 Processing method, terminal and network element
CN111918360B (en) * 2018-06-22 2021-11-09 维沃移动通信有限公司 Processing method, terminal and network element
CN114902789A (en) * 2019-12-31 2022-08-12 华为技术有限公司 Communication method and device

Also Published As

Publication number Publication date
CN102077652A (en) 2011-05-25

Similar Documents

Publication Publication Date Title
EP3745807B1 (en) Session establishment method and device
US8811987B2 (en) Method and arrangement for creation of association between user equipment and an access point
US9456410B2 (en) Method for supporting PDN GW selection
JP5047276B2 (en) Access control method for base station for specific user, base station apparatus, and mobile communication management apparatus
US20100075635A1 (en) Access admission control method and system for mobile communication system
US20110263274A1 (en) Telecommunications networks and devices
KR101489882B1 (en) Informing a user equipment of a cell and a radio base station serving the cell about access rights granted to the user equipment
KR20110091305A (en) Method and apparatus for selecting public land mobile network for emergency call in multiple operator core network
WO2016155298A1 (en) Relay ue access control method and apparatus
US20110009113A1 (en) Access control using temporary identities in a mobile communication system including femto base stations
WO2012097731A1 (en) Location management method for group-based machine type communication (mtc) devices and device therefor
WO2009135431A1 (en) Method, system and equipment for notifying user’s information
TWI399111B (en) Method for authorizing mobile communication equipment by femtocell base station, femtocell base station and processor readable media
WO2012051890A1 (en) Terminal access limit method and system
WO2009024060A1 (en) An access control method, network devices and system of private service access point
WO2012100684A1 (en) Method and device for controlling access to local network
WO2011054251A1 (en) Method, system and terminal for preventing access from illegal terminals
WO2009094951A1 (en) Method and device of transmitting subscriber terminal identification information
GB2481785A (en) Removing closed subscriber group identities from white lists
JP2022166101A (en) Public warning message via n3gpp access
WO2010121433A1 (en) Method and apparatus for carrying out admission controlling of closed subscriber group csg terminal
WO2011044816A1 (en) Monitoring method and monitoring device for user equipment
WO2011023097A1 (en) Method, apparatus and system for access control
WO2011015047A1 (en) Method and system for a home nodeb of hybrid access mode to obtain the access mode of a user equipment
WO2015154426A1 (en) Method and device for prose temporary identifier notification and update

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 200980123696.4

Country of ref document: CN

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09843537

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 09843537

Country of ref document: EP

Kind code of ref document: A1